Skip to main content
POST
https://app.medisync.me
/
api
/
login
User Login
curl --request POST \
  --url https://app.medisync.me/api/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>",
  "remember": true
}
'
{
  "success": true,
  "token": "<string>",
  "uid": "<string>",
  "userTitle": "<string>",
  "firstName": "<string>",
  "lastName": "<string>"
}

Overview

The login endpoint authenticates healthcare professionals and returns a JWT token for accessing protected API endpoints. This is the primary authentication method for the MediSync platform.

Request

email
string
required
Registered email address of the healthcare professional
password
string
required
Account password (plaintext, will be hashed server-side)
remember
boolean
default:"false"
Whether to issue a long-lived token (30 days instead of 24 hours)

Example Request

curl -X POST https://app.medisync.me/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePassword123!",
    "remember": false
  }'

Response

success
boolean
Indicates whether the login was successful
token
string
JWT token for authenticating subsequent API requests
uid
string
Unique user identifier for use in API calls
userTitle
string
Medical title (Dr., Prof., etc.)
firstName
string
User’s first name
lastName
string
User’s last name

Success Response

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NTc4OWFiY2RlZjEyMzQ1Njc4OTAiLCJpYXQiOjE3MDMxMjM0NTYsImV4cCI6MTcwMzIwOTg1Nn0.signature",
  "uid": "user_123456",
  "userTitle": "Dr.",
  "firstName": "John",
  "lastName": "Doe"
}

Error Responses

{
  "success": false,
  "error": "Invalid email or password",
  "code": "INVALID_CREDENTIALS"
}

Usage Examples

Basic Login Flow

async function loginUser(email, password) {
  try {
    const response = await fetch('https://app.medisync.me/api/login', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({
        email: email,
        password: password,
        remember: false
      })
    });

    if (!response.ok) {
      const error = await response.json();
      throw new Error(error.error);
    }

    const data = await response.json();
    
    // Store token for subsequent API calls
    localStorage.setItem('authToken', data.token);
    localStorage.setItem('userId', data.uid);
    
    return {
      success: true,
      user: {
        name: `${data.userTitle} ${data.firstName} ${data.lastName}`,
        uid: data.uid
      }
    };
  } catch (error) {
    return {
      success: false,
      error: error.message
    };
  }
}

// Usage
const result = await loginUser('[email protected]', 'password123');
if (result.success) {
  console.log('Login successful:', result.user);
} else {
  console.error('Login failed:', result.error);
}

Token Management

class AuthManager {
  constructor() {
    this.token = localStorage.getItem('authToken');
    this.userId = localStorage.getItem('userId');
  }
  
  async login(email, password, remember = false) {
    const response = await fetch('https://app.medisync.me/api/login', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ email, password, remember })
    });
    
    if (response.ok) {
      const data = await response.json();
      this.setTokens(data.token, data.uid);
      return data;
    } else {
      throw new Error(await response.text());
    }
  }
  
  setTokens(token, userId) {
    this.token = token;
    this.userId = userId;
    localStorage.setItem('authToken', token);
    localStorage.setItem('userId', userId);
  }
  
  getAuthHeaders() {
    return {
      'Authorization': `Bearer ${this.token}`,
      'Content-Type': 'application/json'
    };
  }
  
  isLoggedIn() {
    return !!this.token && !!this.userId;
  }
  
  logout() {
    this.token = null;
    this.userId = null;
    localStorage.removeItem('authToken');
    localStorage.removeItem('userId');
  }
}

Security Considerations

Important Security Notes:
  • Always use HTTPS in production
  • Store tokens securely (avoid localStorage in sensitive applications)
  • Implement token refresh logic for long-lived applications
  • Never log or expose tokens in client-side code

Token Security

Best Practices:
  • Use secure, httpOnly cookies when possible
  • Implement token encryption for local storage
  • Clear tokens on logout or session end
  • Monitor for token leakage in logs
Standard Tokens: 24 hours Remember Me Tokens: 30 daysMonitor token expiration and implement refresh logic:
function isTokenExpired(token) {
  try {
    const payload = JSON.parse(atob(token.split('.')[1]));
    return Date.now() >= payload.exp * 1000;
  } catch {
    return true;
  }
}

Rate Limiting

Login endpoint has specific rate limits to prevent brute force attacks:
  • Limit: 5 attempts per 15 minutes per IP address
  • Lockout: 15 minutes after 5 failed attempts
  • Headers: Check X-RateLimit-* headers in responses
async function loginWithRetry(email, password, maxRetries = 3) {
  for (let attempt = 1; attempt <= maxRetries; attempt++) {
    try {
      const response = await fetch('https://app.medisync.me/api/login', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ email, password })
      });

      if (response.status === 429) {
        const retryAfter = response.headers.get('retry-after');
        console.log(`Rate limited. Retry after ${retryAfter} seconds`);
        
        if (attempt < maxRetries) {
          await new Promise(resolve => 
            setTimeout(resolve, retryAfter * 1000)
          );
          continue;
        }
      }

      return await response.json();
    } catch (error) {
      if (attempt === maxRetries) throw error;
      await new Promise(resolve => setTimeout(resolve, 1000 * attempt));
    }
  }
}

Testing

Test Credentials

Never use production credentials for testing. Create dedicated test accounts for development and staging environments.

Integration Testing

# Test successful login
curl -X POST https://app.medisync.me/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "testpassword"
  }' \
  -w "\nHTTP Status: %{http_code}\n"

# Test invalid credentials
curl -X POST https://app.medisync.me/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "wrongpassword"
  }' \
  -w "\nHTTP Status: %{http_code}\n"

Next Steps

Register Account

Create a new healthcare professional account

User Profile

Retrieve user profile information after login